Cyber Threat Hunting Analyst

Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: Up to 10%
Type of Travel: Continental US

The Opportunity:
The Cyber Threat Hunting team is chartered to prevent, detect, and disrupt advanced adversary activity across cloud and hybrid environments by leveraging Microsoft Azure Sentinel, Defender XDR, and related security tooling. You will design and tune analytics rules, conduct deep-dive hunts, correlate telemetry with threat intelligence, and deliver prioritized mitigation guidance to engineering and operations teams. Hybrid role.

Responsibilities:
Develop, document, test, and refine custom analytics rules, hunting queries (KQL), and playbooks in Azure Sentinel.
Leverage Azure Sentinel's User and Entity Behavior Analytics (UEBA) and machine learning capabilities to develop custom behavioral models for identifying advanced persistent threats.
Execute intelligence-driven threat hunts, leveraging both strategic and tactical threat intelligence to formulate hypotheses and focus investigative efforts within Azure Sentinel.
Analyze and correlate reported/detected anomalies, incidents, and threat intelligence from various sources.
Map detected activity against known system/network vulnerabilities to characterize the threat landscape.
Perform routine/ad hoc data mining to uncover IOCs, malicious code activity, suspicious traffic patterns, port/protocol anomalies, and configuration issues.
Rapidly alert on emerging exploits, assist in compromise analysis, and support containment.
Produce and maintain organizational leading security indicators and trend reports.
Analyze historical flow data for traffic characterization, blocking/filter recommendations, and threat prioritization.
Deliver clear, prioritized mitigation recommendations to engineers, Infrastructure Support, and O&M staff.
Build automated response workflows with Azure Logic Apps, Automation Accounts, and Sentinel Playbooks.
Recommend and implement sensor tuning.
Mentor junior analysts on best practices, threat hunting methodologies, and automation techniques.
Partner with SOC, IR, network, and application teams to triage, investigate, and contain threats.
Deliver briefings, runbooks, and training on threat hunting, incident response, and tool usage.

Qualifications:

Required:
Active Top Secret with SCI eligibility.
Minimum 5 years in Monitoring, Detection & Analysis (MD&A), threat hunting, or SOC engineering.
DoD 8570/8140 IAT III baseline certification (e.g., CISSP, CISM, CISA, CCNP Security).
DoD 8140 CSSP - Analyst Level certification (e.g., GCIH, GCIA, GCED).
Expertise with Azure Sentinel architecture, Analytics Rules, Workbooks, and data connectors.
Proficiency in Kusto Query Language (KQL) and Sentinel notebooks.
Hands-on experience with Microsoft Defender XDR (Endpoint, Identity, Cloud Apps, O365).
Strong understanding of TCP/IP, common network architectures, host/network log structures, and log analysis.
Familiarity with threat frameworks (MITRE ATT&CK, D3FEND, Cyber Kill Chain).
Experience with OSINT tools, incident response actions, and PII/classification controls.
Scripting/automation: PowerShell, Azure CLI, REST APIs, Logic Apps.
Excellent written/verbal communication, critical thinking, and event triage/prioritization skills.

Desired:
• CEH
• BWEB
• GNFA
• CHFI
• ENSA
• ECIH
• ECSS
• GPPA
• GISF
• GMON
• GREM
• CCNA Security
• CCNP Security
• GCED
• other relevant GIAC or EC-Council credentials.

What You Can Expect:

A culture of integrity. At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose: to ensure the safety of our nation.

An environment of trust. CACI values the unique contributions that every employee brings to our company and our customers, every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

A focus on continuous growth. Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground, in your career and in our legacy.

Your potential is limitless. So is ours. Learn more about CACI here.

Pay Range:
There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits, and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here.

The proposed salary range for this position is: $94,400 - $198,300

CACI is an Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.
Date Posted: 07 May 2025